Windows 10 Update – Words for the Legally Wise

» Posted on Oct 25, 2015 in Cyber Security, News

For those considering the upgrade to Windows 10, I have reviewed the terms and conditions of its use. This operating system, released in the summer of 2015, has been in the news lately. In summary, it is for the user to determine the advisability of downloading this updated operating system. It appears that the privacy controls could be used to effectively mitigate, but not eliminate, the substantial intrusions into user privacy.

Digging Up the Facts:

The Microsoft Windows 10 “Microsoft Privacy Statement” http://www.microsoft.com/en-us/privacystatement/default.aspx (“Privacy Statement”) and related “Microsoft License Terms” http://www.microsoft.com/enus/Useterms/Retail/Windows/10/UseTerms_Retail_Windows_10_English.htm (”EULA”), although much more clear than other licensing agreements, are not entirely clear and comprehensible. Any user who wanted to understand what they are actually agreeing to would have to find and review both of these documents, hopefully before download. There are several other webpages which seem to have bearing on the privacy protections, which the end user would also have to read. Such as: http://windows.microsoft.com/en-us/windows-10/windows-privacy-faq. To evaluate the clarity of these documents, I shall memorialize the obvious privacy protection considerations and note possible solutions.

Privacy Statement:

The location of the privacy statement, popping up as it does only after the user has commenced downloading Windows 10, is problematic: The user doesn’t know what they are getting until after they have commenced with the download. By then, consumer inertia has taken effect and the transaction is likely to be consummated. Additionally, it is unclear if Microsoft has already taken the user’s information (contacts, calendar, etc.). It is unknown if deactivating this function would be “too late” as the transfer of that data had already taken place. The Privacy Statement indicates that:
•The user can turn off location services but that the mobile carrier will still have that information.
•The device will record motion data, like walking, etc.  There is no statement if that is always on or if Microsoft will keep that info.
•Microsoft will keep biometric data, for some reason.
•The camera records data, such as location and date.
•Additionally, Microsoft collects and uses data about your speech, inking (handwriting), and typing on Windows devices.”  This could be a thinly veiled type of keylogging, which users may or may not wish to.
EULA:
The EULA refers to the Privacy Statement and yet these two documents seem to conflict with one another. The EULA Indicates that:
•The EULA does not clarify if updates are automatic or can be denied. The Privacy Statement indicates that there is a setting by which “Windows [will] notify you when restart is required to finish installing updates.”
•“information” will be transferred during download, but which information is not disclosed.
•Windows 10 will report and apparently endeavor to delete unauthorized programs.
•Microsoft asserts that users must take any complaints they have to arbitration rather than seeking redress through a class action.  The New Mexico Supreme Court takes a dimmer view of arbitration clauses than some jurisdictions.  Cordova v. World Finance Corporation of New Mexico.  Here is the opinion, for those who are interested:

http://caselaw.findlaw.com/nm-supreme-court/1278738.html

Furthermore, this language could lead the unwary to believe that the Arbitration clause is viable under New Mexico law.  Dalton v.  Santander Consumer USA, 2015-NMCA-030, cert. granted March 23, 2015, would seem to indicate that the carve outs for small claims make the arbitration provision invalid.  Here is the opinion, for those who are interested:

http://www.nmcompcomm.us/nmcases/NMCA/2015/15ca-030.pdf

•There is no right to redress in a class action court, meaning that the legal costs of complaining about Windows 10 in Court are greater than the value of the software. The New Mexico  Supreme Court takes a dimmer view waiver of the right to redress through class action litigation than some jurisdictions.   Fiser v. Dell Computer Corporation. 2007-NMCA-087 (2007)   Here is the opinion, for those who are interested:

http://caselaw.findlaw.com/nm-court-of-appeals/1162626.html

User Options:

As to solutions, this user intends to delete all cookies, cache and bookmarks before installation.    As a precaution, users may want to try this one-click privacy enhancement program: http://pxc-coding.com/de/portfolio/donotspy10/  Furthermore, users may want to delete contacts and calendar and then reload them after 10 is installed.  Going forward, a few meaningless web searches to degrade the accuracy of the information taken is always helpful.  User beware and user be informed.